Facebook Improves Clickjacking Security

It’s finally happened: Facebook has started to take clickjacking seriously. Earlier this month, the company updated its site to make clickjacking (or likejacking, as it’s known on Facebook) more difficult to carry out. It’s a fairly simple strategy that should work well for most people. Whenever Facebook’s security system notices a suspicious link or like, it will prompt the user to complete a CAPTCHA to ensure that an actual human has approved the action.

This should stop most clickjacking attempts since users activate them unknowingly. Certainly, some people will wonder what the CAPTCHA is all about. A few of those people will even fill in the CAPTCHA, thus authenticating the clickjack. There isn’t a whole lot that Facebook can do about that, though. If someone is willfully ignorant of security issues, then they are most susceptible to attacks.

Facebook also released an optional security upgrade that adds a two-step login process. This prevents hackers from accessing accounts. If, for instance, a hacker has stolen your account name and password, they will still have to find the answer to an authenticating question to access your account.

Unfortunately, Facebook didn’t make this two-step process mandatory for all users. The company is trying to walk a fine line between strong security and user friendliness, so it’s easy to understand why they have given users the two-step option without forcing them to use it.

These are some helpful upgrades that will make Facebook a little safer for everyone. That doesn’t mean, however, that you can let your guard down totally.